AFL fuzzing (#91)

Authored-by: Jayant Krishnamurthy <jkrishnamurthy@jumptrading.com>

Author: jayantk

.dockerignore

@@ -0,0 +1 @@
+build

CMakeLists.txt

@@ -110,3 +110,11 @@ target_link_libraries( leader_stats ${PC_DEP} )
 
 add_test( test_unit test_unit )
 add_test( test_net test_net )
+
+
+#
+# fuzz testing application
+#
+
+add_executable( fuzz pctest/fuzz.cpp )
+target_link_libraries( fuzz ${PC_DEP} )

README.md

@@ -1,6 +1,8 @@
 # pyth-client
 client API for on-chain pyth programs
 
+### Build Instructions
+
 ```
 # depends on openssl
 apt install libssl-dev
@@ -23,3 +25,39 @@ make
 # run unit tests
 ctest
 ```
+
+### Fuzzing
+
+Build a docker image for running fuzz tests:
+
+```
+docker build . --platform linux/amd64 -f docker/fuzz/Dockerfile -t pyth-fuzz
+```
+
+Each fuzz test is invoked via an argument to the `fuzz` command-line program,
+and has a corresponding set of test cases in the subdirectory with the same name as the test.
+You can run these tests using a command like:
+
+```
+docker run -t \
+  --platform linux/amd64 \
+  -v "$(pwd)"/findings:/home/pyth/pyth-client/findings \
+  pyth-fuzz \
+  sh -c "./afl/afl-fuzz -i ./pyth-client/pyth/tests/fuzz/add/testcases -o ./pyth-client/findings ./pyth-client/build/fuzz add"
+```
+
+This command will run the `add` fuzz test on the tests cases in `pyth/tests/fuzz/add/testcases`, saving any outputs to `findings/`.
+Note that `findings/` is shared between the host machine and the docker container, so you can inspect any error cases
+by looking in that subdirectory on the host.
+
+If you find an error case that you want to investigate further, you can run the program on the failing input using something like:
+
+```
+docker run -t \
+  --platform linux/amd64 \
+  -v "$(pwd)"/findings:/home/pyth/pyth-client/findings \
+  pyth-fuzz \
+  sh -c "./pyth-client/build/fuzz add < ./pyth-client/findings/crashes/id\:000000\,sig\:06\,src\:000000\,op\:flip1\,pos\:0"
+```
+
+in this example, `id\:000000\,sig\:06\,src\:000000\,op\:flip1\,pos\:0` is the file containing the failing input.

docker/fuzz/Dockerfile

@@ -0,0 +1,25 @@
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update
+RUN apt-get install -qq cmake curl git libzstd1 libzstd-dev python3-pytest sudo zlib1g zlib1g-dev libssl-dev clang llvm
+
+# Grant sudo access to pyth user
+RUN echo "pyth ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+RUN useradd -m pyth
+USER pyth
+WORKDIR /home/pyth
+
+# Install AFL
+ENV CC=clang
+ENV CXX=clang++
+RUN git clone https://github.com/google/AFL.git --branch v2.57b afl
+RUN cd afl && make && cd llvm_mode && make && cd /home/pyth
+
+# Build everything with the AFL compilers
+ENV CC=/home/pyth/afl/afl-clang-fast
+ENV CXX=/home/pyth/afl/afl-clang-fast++
+
+COPY --chown=pyth:pyth . pyth-client/
+RUN cd pyth-client && mkdir build && cd build && cmake .. && make